Information Protection and Business Resilience 

If pirates were operating openly in the English Channel there would be outrage, questions would be asked in Parliament, and a movie-length documentary would be produced. Yet something similar is happening right now in the digital world. The main difference is that the enemy is not a group of outlaws; they are often extremely educated, well organised, financially motivated and increasingly driven by ideology.

 

The enemy is targeting sensitive corporate information – a critical asset for all organisations that needs to be carefully protected at all times. If confidential business information is compromised, reputations may be impacted, customer confidence may decrease and business partners may lose trust. Senior business executives will be held accountable when personal data is lost. They risk breaching legislation and regulations, both of which can result in significant financial penalties or even a prison sentence.

 

KPMG’s Information Protection and Business Resilience team helps organisations identify, prepare, manage and respond to these challenges through a range of advisory and assurance services. 

What's on your Mind?

 

  • How do I respond to this evolving threat landscape?
  • Is my organisation at risk from confidential data leakage?
  • How are my competitors addressing these challenges?
  • How do our suppliers handle our sensitive data?
  • What are the risks associated with adopting new channels and technologies?
  • How do I comply with the legislation, regulation and industry requirements?

    

Bringing you Peace of Mind

 

We work with our clients to answer these questions and more. Some of our core service offerings are listed below:

     

  • Strategic security remediation and improvement programmes, including planning, design and management
  • Data leakage prevention assessments and incident response
  • Benchmarking across peer organisations and CISO roundtable discussions
  • Secure system design and advice on identity and access management
  • Supplier risk reviews and definition of good practice governance and processes
  • Risk advisory for new channels and technologies, as well as process definition and technology selection
  • Security assurance activities through UKAS accredited ISO 27001 certification and penetration testing  

 

What's in it for you?

 

  • New products and services are launched and operated with confidence
  • Confidence and assurance that information security risks are understood and managed
  • Accelerated remediation activity to reduce risk
  • Knowledge of industry-leading practices for managing security
  • Cost-effective compliance with security and privacy legislation, regulations and industry requirements

  

Why KPMG?

 

  • Award winning - We were awarded “Information Security Consultancy of the Year” at the SC Magazine Europe Awards 2012 (and 2011). We received these awards as recognition of our ability to assist businesses with understanding and implementing information security management processes. We have also received an MCA Management Award for Business Strategy for our work with a leading bank on a major third-party security assurance programme.
  • Independence - We are not tied into any technology or software vendor. All of our recommendations and technical strategies are based solely on what is fit and appropriate for your business.
  • Commitment - Our client relationships are built on mutual trust and long-term commitment to providing effective and efficient solutions, and we are dedicated to providing a service that is second to none.
  • Industry knowledge - We are proud to own the I-4 (International Information Integrity Institute), the world’s leading forum for senior information security leaders to collaborate and share knowledge.

 

Case Study

 

Client Issue

Our client, a financial service provider, had suffered a security breach involving customer information at a third-party supplier. Mindful of increased regulatory scrutiny and driven by its own determination to secure a tighter grip on its external relationships, the client wished to implement a global assessment of the level of security control across all critical suppliers.

What we did

KPMG carried out comprehensive reviews into the data security of all of the client’s high-risk third-party suppliers. KPMG engaged its global network of technical specialists and programme management experts to ensure that the programme was mobilised within hours of initial contact with the client.

 

Outcomes

 

  • A data security assessment report for each of the third parties – we reviewed 360 suppliers globally in five weeks.
  • Assistance with remediation planning for some suppliers following the discovery of 'major' findings.
  • The client could demonstrate to the regulator that they were taking full and appropriate action to adequately address the issues, thereby avoiding any imposed remedial action.

Contact

Malcolm Marshall

Partner

Head of Information Protection and Business Resilience 
KPMG LLP

020 7311 5456

malcolm.marshall@kpmg.co.uk

Stephen Bonner

Partner, Financial Services

Head of Information Protection and Business Resilience 
KPMG LLP

020 7694 1644

stephen.bonner@kpmg.co.uk

Charles Hosner

Partner, Corporates

Information Protection and Business Resilience 
KPMG LLP

07500 809 597

charles.hosner@kpmg.co.uk

Martin Tyley

Partner, Regions

Information Protection and Business Resilience 
KPMG LLP

0113 231 3934

martin.tyley@kpmg.co.uk

For general enquiries please contact asksecurity@kpmg.co.uk

 

KPMG Slant - The digital crossroads

 

Technology has revolutionised the day-to-day lives of individuals and organisations alike. But if we're to continue to benefit and to profit from it, and if we're to minimise the potential downsides, we're going to have to make some choices.

 

Cyber Governance Health Check

You may be aware of a new and unprecedented UK Government initiative to raise awareness of cyber risks across the FTSE350 list of companies in the UK. The initiative is called the “Cyber Governance Health Check” and is designed both to gauge the level of awareness of Boards with regard to cyber risks, and to gain a level of independent assurance about their counter-cyber attack capabilities. KPMG and other large professional service firms have been working with the Government over the course of 2013 to design and undertake the health check with their audit clients. We are proud to be assisting the Government on such an important and valuable initiative for UK industry. You can find out more information on the Department for Business Innovation and Skills website.

KPMG's Data Loss Health Check

KPMG's I-4 Program